<?php
	require_once('/public_header.php');
	require_once('ticket_functions.php');
	require_once('email.php');
	require_once('globals.php');
?>

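<form action="new_password.php" method="post">
	<h3>Enter your new password (must match) to reset it.</h3>
	<br/>
	Password: <input type="password" name="password1"><br/>
	Password: <input type="password" name="password2"><br/>
	<input type="submit" name="resetPasswordSubmit" value="Reset Password">
	<div id="message">
		
	</div>
<?php
	// Carry the reset id into the next POST as a hidden field. It arrives in
	// the query string on the first visit and in the POST body on a re-submit.
	// When both are present the POST value is used, and only one field is emitted.
	$randomID = null;
	if(isset($_POST['id'])):
		$randomID = $_POST['id'];
	elseif(isset($_GET['id'])):
		$randomID = $_GET['id'];
	endif;

	// The id is attacker-controllable request data written into an HTML
	// attribute, so it must be escaped for that context (ENT_QUOTES covers both
	// quote styles). A non-string value such as id[]=x is dropped rather than
	// echoed.
	if(is_string($randomID)):
		echo '<input type="hidden" name="id" value="' . htmlspecialchars($randomID, ENT_QUOTES, 'UTF-8') . '">';
	endif;
?>
</form>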

<?php

	// echo generateRandomID(25) . "<br/>";
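	// Request dispatch: a POST from the reset form is handed to handlePost();
	// a GET must carry the reset id from the e-mailed link, otherwise the
	// visitor is sent to the login page.
	if($_SERVER['REQUEST_METHOD'] === 'POST'):
		if(isset($_POST['resetPasswordSubmit'])):
			handlePost();
		endif;
	elseif($_SERVER['REQUEST_METHOD'] === 'GET'):
		if(isset($_GET['id'])):
			$randomID = $_GET['id'];
			if(idHasBeenRedeemed($randomID)):
				echo "<p>This ID has been redeemed already.</p>";
			endif;
			// Otherwise nothing to do: the form above waits for the submit.
		else:
			// NOTE(review): the form markup above has already been written by the
			// time this runs, so unless an included file turns on output
			// buffering this header cannot be sent. Moving the dispatch above
			// the first byte of output would make the redirect reliable.
			header("Location: admin_login.php");
			// Stop here so nothing else runs for a request that is being redirected.
			exit;
		endif;
	endif;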
	
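	/**
	 * Handle a submitted reset form.
	 *
	 * Reads the reset id and both password fields from $_POST, rejects the
	 * request when the id is missing or no longer usable, and calls
	 * resetPassword() when the two passwords are non-empty and identical.
	 * Every outcome is reported through displayJavascriptAlert().
	 *
	 * NOTE(review): the reset id is the only credential checked here. No expiry
	 * check is visible in this file; confirm that reset_password rows age out.
	 */
	function handlePost()
	{
		// All three fields are request data and may be absent or sent as arrays
		// (id[]=x); anything that is not a plain string is treated as missing.
		$randomID = isset($_POST['id']) ? $_POST['id'] : null;
		if(!is_string($randomID) || $randomID === ''):
			displayJavascriptAlert("This reset link is not valid.");
			return;
		endif;

		if(idHasBeenRedeemed($randomID)):
			displayJavascriptAlert("This ID was already redeemed.");
			return;
		endif;

		$password1 = isset($_POST['password1']) ? $_POST['password1'] : '';
		$password2 = isset($_POST['password2']) ? $_POST['password2'] : '';

		// Strict comparison: both values must be strings and byte-identical.
		// An explicit '' test replaces empty(), which also rejected the
		// password "0".
		$bothAreStrings = is_string($password1) && is_string($password2);
		if($bothAreStrings && $password1 !== '' && $password1 === $password2):
			resetPassword($password1, $randomID);
		else:
			displayJavascriptAlert("Enter your password twice and make sure it matches.");
		endif;
	}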
	
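	/**
	 * Store the new password for the administrator that owns the reset id,
	 * then mark the id as redeemed so it cannot be used again.
	 *
	 * @param string $password1 The new password as typed by the user.
	 * @param string $randomID  The reset id from the e-mailed link.
	 */
	function resetPassword($password1, $randomID)
	{
		if(!updateAdminPasswordInDatabase($password1, $randomID)):
			// Previously this branch was empty and a failed update went unreported.
			displayJavascriptAlert("Your password could not be changed. Please request a new reset link.");
			return;
		endif;

		// The password is changed at this point. If the id cannot be marked as
		// redeemed it remains usable, so record that for follow-up instead of
		// ignoring the return value.
		if(!updateIDbecauseItWasRedeemed($randomID)):
			error_log("new_password.php: password was changed but the reset id could not be marked as redeemed");
		endif;

		displayJavascriptAlert("Your password has been changed.");
	}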
	
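	/**
	 * Mark a reset id as redeemed in the reset_password table.
	 *
	 * @param string $randomID The reset id taken from the request.
	 * @return bool True when the update statement ran, false on a database error.
	 */
	function updateIDbecauseItWasRedeemed($randomID)
	{
		// require (not require_once): the include has to run on every call so
		// that $db, which it presumably defines as a mysqli connection, exists
		// in this function's scope.
		require('\private\mysqli_connect.php');

		// $randomID is request data. Bind it as a parameter instead of
		// concatenating it into the statement text.
		$succeeded = false;
		$stmt = $db->prepare("update reset_password set redeemed = true where random_id = ?");
		if($stmt):
			$stmt->bind_param('s', $randomID);
			$succeeded = $stmt->execute();
			if(!$succeeded):
				error_log("updateIDbecauseItWasRedeemed: " . $stmt->error);
			endif;
			$stmt->close();
		else:
			error_log("updateIDbecauseItWasRedeemed: " . $db->error);
		endif;

		if($succeeded):
			concatElementByID("message", "Your password was updated.");
			return true;
		endif;

		// Database error text goes to the server log above, not to the page:
		// it can expose table and column names to whoever submitted the request.
		concatElementByID("message", "failure: the reset link could not be marked as used.");
		return false;
	}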
	
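	/**
	 * Set a new password for the administrator that owns an unredeemed reset id.
	 *
	 * @param string $password1 The new password as typed by the user.
	 * @param string $randomID  The reset id taken from the request.
	 * @return bool True when the update statement ran, false on a database error.
	 *              A statement that matched no row still counts as "ran".
	 */
	function updateAdminPasswordInDatabase($password1, $randomID)
	{
		// require (not require_once): the include has to run on every call so
		// that $db, which it presumably defines as a mysqli connection, exists
		// in this function's scope.
		require('\private\mysqli_connect.php');

		// Both values are request data and are bound as parameters rather than
		// concatenated into the statement. The sub-select also requires
		// redeemed = false, so the write itself refuses an id that was redeemed
		// between the earlier check and this update.
		//
		// NOTE(review): unsalted SHA-1 is not suitable for storing passwords.
		// It is kept because the login check that reads this column is not in
		// this file; moving to password_hash()/password_verify() has to change
		// both sides together.
		$stmt = $db->prepare(
			"update administrators set password = SHA1(?)
			where admin_id = (select administrator_id from reset_password where random_id = ? and redeemed = false)"
		);

		$succeeded = false;
		if($stmt):
			$stmt->bind_param('ss', $password1, $randomID);
			$succeeded = $stmt->execute();
			if(!$succeeded):
				error_log("updateAdminPasswordInDatabase: " . $stmt->error);
			endif;
			$stmt->close();
		else:
			error_log("updateAdminPasswordInDatabase: " . $db->error);
		endif;

		if($succeeded):
			return true;
		endif;

		// The original passed an undefined $elementID here; "message" is the
		// element the sibling function writes to. Database error text is logged
		// above instead of being echoed to the page.
		concatElementByID("message", "failure: the password could not be updated.");
		return false;
	}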
	
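	/**
	 * Report whether a reset id can no longer be used.
	 *
	 * Despite the name, this returns true for every id that has no unredeemed
	 * row in reset_password: ids that were redeemed and ids that were never
	 * issued. It also returns true when the lookup itself fails, so a database
	 * error never makes an id look usable.
	 *
	 * @param mixed $randomID The reset id taken from the request.
	 * @return bool False only when an unredeemed row with this id exists.
	 */
	function idHasBeenRedeemed($randomID)
	{
		// Request data may be an array (id[]=x) or empty; neither can match a row.
		if(!is_string($randomID) || $randomID === ''):
			return true;
		endif;

		// require (not require_once): the include has to run on every call so
		// that $db, which it presumably defines as a mysqli connection, exists
		// in this function's scope.
		require('\private\mysqli_connect.php');

		// Bind the id as a parameter instead of concatenating it into the query.
		$stmt = $db->prepare("select reset_id from reset_password where random_id = ? and redeemed = false");
		if(!$stmt):
			error_log("idHasBeenRedeemed: " . $db->error);
			return true;
		endif;

		$stmt->bind_param('s', $randomID);
		$unredeemedRowExists = false;
		if($stmt->execute()):
			// store_result() buffers the rows so num_rows is populated.
			$stmt->store_result();
			$unredeemedRowExists = $stmt->num_rows > 0;
		else:
			error_log("idHasBeenRedeemed: " . $stmt->error);
		endif;
		$stmt->close();

		return !$unredeemedRowExists;
	}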
?>